There has been a flurry of activity around the Minnesota Statehouse in recent weeks with regard to how the state protects and evolves its technology infrastructure and cyberdefenses.
The first, and arguably more prominent action, came out of democratic Gov. Mark Dayton’s office with a proposal aimed at pumping $125 million into cybersecurity and systems upgrades. The second was the creation of a new House committee that will be charged with looking ahead at the tech landscape and suggesting various actions.
Technology officials in the state have long said that aging systems and increasing threat vectors are putting citizen data at more risk than ever before, but a clear-cut path to shoring up defenses has been harder to identify than some might assume.
Of the governor’s proposed IT spending plan, $74 million would go toward system security updates, while the remaining $51 million would be allocated to upgrading technology infrastructure.
Last year, when Dayton made a similar, albeit smaller, budget proposal, legislators moved against the allocations due to concerns about some of the state’s faltering technological undertakings — most prominently, the state’s health-care coverage portal MNsure. The 2016 attempt at more money for cybersecurity came in at $45 million, but sources close to the governor are hopeful legislators will see the need this year and sign on the dotted line.
During a press conference about the governor’s budget Jan. 31, Management and Budget Commissioner Myron Frans and CIO Thomas Baden stood behind the proposal, citing statistics about the current standing of the state's IT infrastructure and the “unprecedented challenges” in defending it.
Baden said the millions of attacks launched against the state on any given day are not unusual and regularly put the data of 5.5 million citizens in jeopardy. “We have to be concerned with the safety and security of the information. Today there is a real threat to Minnesota,” he said.
“We must secure the state’s IT systems,” he warned. “The cost of doing nothing is simply too great.”
The CIO also explained that some of the technology used on a daily basis predates the Internet and computer mouse. Though Baden was not available to discuss the budget proposal, his staff supplied a comment that underlined his concerns: “Each day, cybercriminals around the world steal personal, private data, disrupt business and government operations, and use our resources to conduct illicit or illegal operations. Strong cybersecurity protections are critical to protect Minnesota citizens, businesses and our state from these attacks. Gov. Mark Dayton’s historic investment to improve cybersecurity across the state of Minnesota will help to protect the private data of all Minnesotans,” he wrote.
The push for more cash in IT coffers coincided closely with a move on Feb. 1 by House Speaker Kurt Daudt to create the new Select Committee on Technology and Responsive Government, a body dedicated to improving state processes and efficiency. “I think we’ve got a huge opportunity in Minnesota to look at upgrading our IT systems, our computer systems and technology to provide better services to Minnesotans,” he said.
Daudt said the impetus for the committee boils down to a need for longer-term thinking when it comes to state technology and how it impacts citizens and customers.
“One of the problems for us in the Minnesota House is we serve two-year terms. We very often get stuck looking at everything as just how it impacts us right now — this budget, in this election, for two years, how does it impact us? And we forget to look at it on a longer term," he said. "That’s really what this committee is about."
When asked how the committee might dovetail with the governor’s efforts to provide a new level of funding for state IT, Daudt said he hopes it will serve as a resource in addressing some of the issues facing Minnesota and its customers.
“What we are really focusing on is how can we use technology to not only make government more effective and better at serving its customers, but also make it more efficient. I think they are two separate things, but hopefully complementary of each other.”
“We know as well that there are potentially some weaknesses in our IT infrastructure as far as cybersecurity is concerned, and we know that those need to be addressed,” Daudt said.
As for how the governor’s office believes the new committee will fit into the efforts, a source close to the administration said “it remains to be seen.” While any progress toward improved IT infrastructure is a step in the right direction, the same source said solidifying longer-term funding, much like transportation allocations, needs to be a priority for all involved.